Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Since 3.12.0 filesystem write access during container build IT tests results in AccessDeniedException #41659

Closed
HerrDerb opened this issue Jul 3, 2024 · 5 comments · Fixed by #41676
Closed

Since 3.12.0 filesystem write access during container build IT tests results in AccessDeniedException #41659

HerrDerb opened this issue Jul 3, 2024 · 5 comments · Fixed by #41676
Labels
area/container-image kind/bug Something isn't working
Milestone
3.12.2

Comments

@HerrDerb
Copy link
Contributor

HerrDerb commented Jul 3, 2024
edited
Loading

Describe the bug

I have an application that creates dirs and writes files to the file system. In production, this directory is mounted. During test we used to write directly into the container.

With the update to 3.12.0 this seem not to be possible anymore as we get a AccessDeniedException: java.nio.file.AccessDeniedException: /home/jboss/myDir

Expected behavior

No change. Writing to the filesystem during a containerized test should still be possible

How to Reproduce?

https://github.com/HerrDerb/quarkus-issue/tree/container-write

  • ./mvnw verify -Dquarkus.container-image.build=true -DskipITs=false

when running with 3.12.0 the IT test will fail -> see target/quarkus.log
when run with 3.11.3 the IT test will succeed
@HerrDerb HerrDerb added the kind/bug Something isn't working label Jul 3, 2024
@HerrDerb HerrDerb changed the title Since 3.12.0 write access on the containers filesystem results in AccessDeniedException Since 3.12.0 write access in container build results in AccessDeniedException Jul 3, 2024
@HerrDerb HerrDerb changed the title Since 3.12.0 write access in container build results in AccessDeniedException Since 3.12.0 write access during container build IT tests results in AccessDeniedException Jul 3, 2024
@HerrDerb HerrDerb changed the title Since 3.12.0 write access during container build IT tests results in AccessDeniedException Since 3.12.0 filesystem write access during container build IT tests results in AccessDeniedException Jul 3, 2024
@geoand
Copy link
Contributor

geoand commented Jul 3, 2024

This is really weird. From 3.12 the container logs:

/opt/jboss/container/java/run/run-java.sh: line 147: /opt/jboss/container/java/jvm/java-default-options: Permission denied
/opt/jboss/container/java/run/run-java.sh: line 150: /opt/jboss/container/java/jvm/debug-options: Permission denied
INFO exec -a "java" java -Djava.util.logging.manager=org.jboss.logmanager.LogManager -cp "." -jar /home/jboss/quarkus-run.jar 
INFO running in /home/jboss
/opt/jboss/container/java/run/run-java.sh: line 147: /opt/jboss/container/java/jvm/java-default-options: Permission denied
/opt/jboss/container/java/run/run-java.sh: line 150: /opt/jboss/container/java/jvm/debug-options: Permission denied

where those Permission denied entries don't exist for 3.12. I have yet to discover what causes the problem...

@geoand
Copy link
Contributor

geoand commented Jul 3, 2024

@galderz this seems to be caused by 7493ab4, where we are using user 1000 for launching the container. This is incorrect for the container image created by Jib when running with Docker.

What was the reasoning behind this change?

@geoand
Copy link
Contributor

geoand commented Jul 4, 2024

Maybe we should only do call getVolumeAccessArguments when volumeMounts are not empty?

@geoand geoand mentioned this issue Jul 4, 2024
Merged
@gsmet gsmet closed this as completed in a0c7c69 Jul 9, 2024
gsmet added a commit that referenced this issue Jul 9, 2024
@gsmet
Merge pull request #41676 from geoand/#41659
fc86940 
Don't always set the user parameter when starting container in tests
@quarkus-bot quarkus-bot bot added this to the 3.13 - main milestone Jul 9, 2024
@gsmet gsmet modified the milestones: 3.13 - main, 3.12.2 Jul 9, 2024
gsmet pushed a commit to gsmet/quarkus that referenced this issue Jul 9, 2024
@geoand @gsmet
Don't always set the user parameter when starting container in tests
ba99497 
Fixes: quarkusio#41659
(cherry picked from commit a0c7c69)
@HerrDerb
Copy link
Contributor Author

HerrDerb commented Jul 10, 2024
edited
Loading

Thank you 🙂👍

@geoand
Copy link
Contributor

geoand commented Jul 10, 2024

🙏🏼

holly-cummins pushed a commit to holly-cummins/quarkus that referenced this issue Jul 31, 2024
@geoand @holly-cummins
Don't always set the user parameter when starting container in tests
ca86b42 
Fixes: quarkusio#41659
danielsoro pushed a commit to danielsoro/quarkus that referenced this issue Sep 20, 2024
@geoand @danielsoro
Don't always set the user parameter when starting container in tests
d51dd34 
Fixes: quarkusio#41659
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/container-image kind/bug Something isn't working
Projects
None yet
Milestone
3.12.2
Development

Successfully merging a pull request may close this issue.

Don't always set the user parameter when starting container in tests geoand/quarkus
3 participants
@gsmet @geoand @HerrDerb